Adapter for connecting computer to satellite antenna

ABSTRACT

A method and apparatus for an adapter card, for use in a computer, to provide conditional access by the computer to incoming data streams while maintaining the security of information by maintaining a listing of addresses corresponding to data streams which the computer is authorized to receive, receiving and determining the address of a frame, determining whether the frame address matches an address maintained in an Access Table, and processing and transmitting only those frames of data streams which the computer is authorized to receive.

RELATED APPLICATIONS

This application is a division of application Ser. No. 08/862,346 filed May 23, 1997, now U.S. Pat. No. 6,125,184, which is a division of application Ser. No. 08/557,398 filed Nov. 13, 1995, U.S. Pat. No. 5,652,795, which is a continuation-in-part of application Ser. No. 08/340,347 filed Nov. 14, 1994, now abandoned.

FIELD OF THE INVENTION

The present invention relates generally to the field of communications, and more specifically to conditional access by computers to data streams transmitted via satellite.

BACKGROUND OF THE INVENTION

Satellite communication has long been used to broadcast data to computers. In situations requiring the same data to be transmitted to multiple sites, satellite communication, which allows a single transmission of data to be received at multiple sites, can be more cost effective than terrestrial communication, which requires separate transmission to each site.

In the past, data broadcast via satellite to a computer typically was received by an external satellite receiver, which serially passed a single data stream to the computer through a serial adapter interface. An example of such a system is the Opportunistic Data File Broadcast system developed by Hughes Network Systems, which employs a Compression Labs Spectrum Saver satellite receiver to pass RS-422 serial data to high-speed adapters in computers at remote sites. This particular system has been used by financial institutions to broadcast financial data from central data centers to branch offices.

For commercial data broadcasts, conditional access technology enabling only authorized users to access the broadcast data is essential to ensure payment for the data. Conditional access is typically implemented by encrypting the broadcast data and providing the decryption keys only to authorized receivers. In prior satellite data communication systems, such as the Opportunistic Data File Broadcast system, conditional access functions have been performed by the external satellite receiver, which outputs a single decrypted data stream to the receiving computer. In these systems, conditional access is provided for only a single data stream. Thus, accessing multiple simultaneously transmitted data streams would require users to have a complete set of receiving equipment for each data stream.

Another type of satellite communication system has been suggested in which an adapter card, insertable into a computer, enables satellite reception without the need for the external satellite receiver. Examples of such systems are disclosed in U.S. Pat. No. 4,777,657 to Gillaspie, U.S. Pat. No. 5,019,910 to Filmer, and U.S. Pat. No. 5,359,367 to Stockill.

However, these references fail to teach a system incorporating conditional access technology, and similarly fail to provide for simultaneous receipt of multiple data streams where the data streams are individually conditional access controlled. Furthermore, to the extent that the prior art discloses use of decryption hardware, none of the prior art systems extends the use of the hardware beyond decrypting an incoming broadcast data stream to providing encryption and decryption operations for the connected computer.

SUMMARY OF THE INVENTION

The present invention addresses the shortcomings of prior art systems by teaching a secure satellite communication system for providing subscribers with conditional access to broadcast satellite data through their computers. This system maintains the security of information by providing access only to authorized users, and provides an additional benefit by enabling users to concurrently receive and decrypt multiple data streams.

In a preferred embodiment, the present invention teaches a method for an adapter card, for use in a computer, to provide conditional access by the computer to input data, including data streams transmitted via satellite, wherein a data stream is comprised of at least one frame and each frame includes an address identifying the data stream. This method includes the steps of maintaining an Access Table, in which each table entry includes an address field for storing an address corresponding to a data stream which the computer is authorized to receive, receiving a frame and determining its address, and determining whether the frame address matches an address maintained in the Access Table in order to determine whether the computer has access to the data stream corresponding to the frame. If a match is not found, the adapter card discards the frame, but if a match is found, the adapter card processes and transmits the frame to the computer through a bus interface.

In a preferred embodiment, the adapter card additionally is capable of processing data transmitted from the computer.

In addition to the method described above, the present invention is also directed to an adapter card for use in a computer, for providing conditional access by the computer to input data including frames of data streams transmitted via satellite, wherein each data stream is comprised of at least one frame and each frame includes an address identifying the data stream. The adapter card includes a receiver for receiving a data stream frame, an Access Table, in which each table entry includes an address field for storing an address corresponding to a data stream which the computer is authorized to receive, an integrated filter/crypto (IFC) block for determining an address of the received frame and determining whether the frame address matches an address maintained in the Access Table, and a bus interface for enabling communication between the adapter card and the computer. If the IFC finds that the frame address does not match a table address, the IFC block discards the frame, but if it finds a match, the IFC block processes the frame into output data, to be transmitted to the computer via the bus interface. The IFC preferably is also capable of processing data input from the computer into output data.

The invention itself, together with further objects and attendant advantages, will best be understood by reference to the following detailed description taken in conjunction with the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is an illustration of one form of satellite broadcast system in which the present invention may be implemented.

FIG. 2 is a block diagram of the preferred embodiment of the adapter card receiver of the present invention.

DETAILED DESCRIPTION OF THE INVENTION

It is envisioned that the present invention will be used in conjunction with a satellite broadcast system such as that shown in FIG. 1. As illustrated, this system includes a network operations center (NOC) 10, satellites 20, antenna receivers 30, adapter card receivers 40 (adapter cards), and computers 50.

In this system, a subscriber, through an adapter card 40 inserted in a computer 50, receives information in data streams broadcast via satellite 20. The data streams are uplinked to one or more communications satellites 20 by the NOC 10 from a large antenna broadcast earth station. Each data stream is broadcast in units of frames, with each frame including an address header for identifying the data stream, a data field containing data, and a CRC tail for ensuring accurate transmission. Preferably, the frames are encrypted, and the key needed to decrypt the data of a frame is identified by its address header. Accordingly, data can be accessed only by receivers having the proper key.

Each antenna receiver 30, comprising a smaller antenna and low-noise block (LNB) element, receives the broadcast frames and transmits the frames to a connected adapter card 40 inserted in the subscriber's computer 50. Because the subscriber may have access to only a subset of the broadcast data streams, the adapter card 40 screens incoming frames, and processes only those frames the subscriber is authorized to receive by using the frame address field to retrieve the corresponding key for decrypting each frame. The adapter card 40 then transmits the decrypted frames through a bus interface to the computer 50.

The present invention is directed to the adapter card 40, which provides the conditional access to incoming data streams, and preferably enables concurrent reception of multiple data streams. By processing only authorized frames and discarding all others, the present invention prevents unauthorized frames from ever being passed to the computer 50. This not only prevents subscribers from illicitly accessing the decrypted data stream, but also provides a physical measure of security by preventing the encrypted data stream from being made available to be downloaded into the computer 50. This is an important feature because security mechanisms have been evaded by downloading encrypted data, as once the encrypted data stream is stored in the computer memory, the user can access the data for as many attempts as needed for decryption.

By evaluating and decrypting incoming data streams on a frame-by-frame basis, the present invention enables simultaneous reception of multiple conditional access controlled data streams statistically multiplexed in a received signal. Furthermore, because the present invention further enables frames to be decrypted as they are received, the need for buffer RAMs required in prior systems to store incoming frames can be substantially reduced or eliminated, thereby lowering the cost of the systems.

As explained in greater detail below, the preferred embodiment of the present invention increases the security of the conditional access provided to the transmitted data streams by providing a secure management system for the decryption keys. More specifically, the preferred embodiment provides a system having at least two levels of encryption, in which the decryption keys are themselves encrypted and never appear to users in decrypted or human-intelligible form.

In the preferred embodiment, the adapter card 40 additionally provides the encrypting and decrypting capabilities of the adapter card 40 to be used by the computer 50 as a general purpose bulk data encryptor/decryptor, even while the adapter card 40 is concurrently processing received frames. Not only does this feature reduce the overall cost to the user by eliminating the need for a separate data encryption/decryption engine to handle computer data, it also permits the advantageous conditional access features of the present invention to be provided to data received by the adapter card 40 from the computer 50 via a number of possible sources, rather than from the satellite 20 alone.

FIG. 2 illustrates the adapter card 40 of the preferred embodiment, which includes the following functional blocks:

1. Front End Block 41, 42: connects the adapter card receiver 40 to the antenna receiver 30, for receiving a plurality of signals from the NOC 10 via the satellite 20 and transmitting data streams 41a from a particular signal selected by the tuner 41 to the Demodulator Block 43;

2. Demodulator Block 43: converts data streams 41a received on the selected signal into digital form and transmits the demodulated data stream 43a to the FEC Decoder Block 44;

3. FEC Decoder Block 44: identifies and corrects transmission errors in the demodulated data stream 43a and transmits the corrected data stream 44a to the Integrated Filter/Crypto Block 45;

4. Integrated Filter/Crypto Block 45: identifies frames within the received data stream 44a and decrypts frames of the accessible data streams; and

5. Bus Interface Block 46: enables communication between the adapter card 40 and the computer 50.

1. Front End Block

In the preferred embodiment, as illustrated in FIG. 2, the Front End Block includes a tuner 41, which can be set to receive an IF signal in 100 kHz steps in the frequency range of 950 to 1450 MHz, and downconverts the received signal to an IF output centered at 60 MHz. The operation of the tuner 41 can be controlled 41b by the computer 50 through the Bus Interface Block 46, or in a preferred embodiment, a local microprocessor may be provided on the adapter card 40 to monitor and control the tuner 41.

The Front End Block preferably also comprises a DC-DC converter 42, to provide all power required by the tuner 41 as well as the attached LNB by converting a +5V signal 42a received from the computer power supply to voltages required by the various components (e.g., 42b).

2. Demodulator Block

The Demodulator Block 43 receives and demodulates the downconverted signal 41a from the Front End Block. In the preferred embodiment, the Demodulator Block 43 is implemented in a CMOS ASIC, and, through control 43b by the computer 50 or an adapter card microprocessor, provides all baseband signal processing required for demodulation.

3. FEC Decoder Block

The FEC Decoder Block 44 uses redundant data in the demodulated digital data stream 43a to identify and correct transmission errors. In the preferred embodiment, FEC Decoder Block 44 consists of a Viterbi soft-decision decoder, depuncture logic which allows the rate ½ Viterbi to operate at an effective rate of ⅔, a deinterleaver which scatters the errors resulting from the incorrect attempts to correct data, and a Reed-Solomon decoder capable of correcting the scattered errors.

4. Integrated Filter and Crypto Facility Block

The Integrated Filter and Crypto Facility (IFC) Block 45 plays a primary role in enabling the inventive conditional access features provided.

The IFC 45 receives frames of the digital data streams 44a, which are preferably encrypted. In the preferred embodiment, the standard DES algorithm is used, although alternative encryption algorithms are possible as well.

There are numerous methods by which users can acquire decryption keys, and the present invention can be adapted for use with any of these methods. For example, a subscriber can obtain a “smart card” from the service provider, typically a credit-card sized card readable by the computer. In some cases, the information provider can send information that passes into the smart card to generate the decryption keys. Another method is to obtain the keys through messages received from the satellite link or over a terrestrial communications system (e.g., via a modem connected to the computer). Still another method is for the subscriber to obtain the keys orally from the information provider and to manually enter the keys into the computer through the keyboard input.

The security of the present invention can be maintained with any of these systems because it does not depend solely on the security of the actual transmission of the keys. Rather, the security system of the present invention has multiple levels of security. At a first level, to receive any satellite data stream, a user must subscribe to the service provider and must obtain the necessary wiring and equipment. At the next level, security is enhanced by means of “groups.” Each group comprises a set of data streams, and a subscriber must have access to a particular group in order to receive any of its data streams. Finally, in the preferred embodiment, an additional level may be provided by requiring subscribers to have specific authorization to receive each individual data stream within a group.

The present invention implements this tiered conditional access system through key management. Users become subscribers by subscribing to the service provider and obtaining an adapter card receiver 40, having an IFC 45, to be inserted into a computer 50. In the preferred embodiment, the IFC 45 is physically secured by implementation in an ASIC, which is equipped with a burned-in Master Key used for identification purposes. In the preferred embodiment, a unique Master Key is used for each IFC 45.

Preferably, to enhance the security of the conditional access features provided, the Master Key is used for subscriber identification rather than decryption. Accordingly, each adapter card 40 is also assigned a unique User Key which is encrypted with the Master Key before being distributed to the subscriber, and is decrypted only within the IFC 45. This prevents the User Key from ever appearing in unencrypted form, even to the subscriber. Use of the User Key rather than the Master Key allows the Master Key to be kept physically secure within the ASIC and minimizes its use, thereby minimizing its exposure. Consequently, the only method of compromising the security of the Master Key is by breaking the algorithm used to encrypt the User Key or by compromising the physical security of the IFC 45. Furthermore, the security of the overall system can be maintained through key distribution by simply changing a subscriber's User Key. This avoids the need for physical replacement of the IFC 45 even if the security of the User Key is compromised.

In the preferred embodiment having group access requirements, the function of the User Key is to decrypt Group Keys. A subscriber wanting to access any data stream within a particular group must have the Group Key for that group. A Group Key can be distributed to subscribers by any appropriate means with little risk to the security of the system because the entity providing distribution of Group Keys will encrypt a Group Key with the subscriber's unique User Key before transmission. Accordingly, the Group Key can be decrypted only by the IFC 45 of the subscriber for which it is intended, minimizing the likelihood that it will be distributed to and successfully used by an unauthorized user. Furthermore, even the authorized subscriber will never have access to the decrypted Group Key, because the Group Key is encrypted by the User Key until decrypted within the physically secure IFC ASIC, and as described above, the subscriber does not have access to the User Key.

In the preferred embodiment, the only function of a Group Key is to decrypt Data Keys for the data streams within the group. As discussed, because a subscriber must be a member of a group to access any of the data streams within the group, only subscribers having the appropriate Group Key can decrypt the Data Key. Additionally, because each Data Key is encrypted with its Group Key before being distributed to subscribers, in order to access and decrypt a particular data stream within a group, the subscriber must have the appropriate Data Key for that data stream.

The combination of the Group Keys and the Data Keys determines the subscriber's accessibility to the incoming data streams, and must be kept current. In the preferred embodiment, an Access Table is stored in adapter card memory outside of the IFC 45, with entries corresponding to data streams the subscriber is authorized to receive. Each entry accordingly has fields for an address of a data stream the subscriber is authorized to access, and a Group Key and a Data Key required to decrypt that data stream. Because this table is located outside the IFC 45, the Group and Data Keys are stored in encrypted form in the Access Table. A microprocessor is preferably provided on the adapter card 40 outside the IFC 45 to perform the table functions and to indicate to the IFC 45 whether a particular address matches a table entry, and also to indicate the appropriate key, if a match is found.

In the preferred embodiment, other aspects of the key management system are implemented within the IFC ASIC. For example, logic is provided for maintaining and storing current keys, as well as for handling data in both encrypted and decrypted form. As earlier noted, the IFC 45 in a preferred embodiment provides decryption functions for incoming frames as well as encryption and decryption functions for bulk data from the computer 50. To provide these features, the ASIC logic includes at least the following subblocks:

UK Register, for storing the User Key of the subscriber, which as described above, is decrypted by the Master Key as it is loaded into the IFC 45;

GK Register, for storing a single Group Key. Although a subscriber may have access to more than one group, as described above, the preferred embodiment provides an access table outside the IFC 45 for storing the Group Keys in encrypted form. When the IFC 45 receives an encrypted frame, it extracts the data stream address, and if the address matches one of the access table entries, the appropriate Group Key is decrypted by the User Key as it is loaded into the IFC 45;

DK Register, for storing a Data Key to decrypt input data, whether satellite data or computer data;

an encryption/decryption engine, for performing the actual decryption of satellite data, or encryption or decryption of computer data from other sources;

Input Registers, for storing input yet to be processed, preferably including at least one register specifically designated for satellite data and at least one register specifically designated for computer data;

Opcode Registers, for indicating the location of the appropriate key for a particular operation and the location where the output should be stored, preferably including at least one register specifically designated for satellite data and at least one register specifically designated for computer data; and

Output Registers, preferably including at least one register specifically designated for satellite data and at least one register specifically designated for computer data from other sources.

In the preferred embodiment, the logic is implemented to provide functions for loading Group Keys, loading Data Keys, processing satellite data, and processing computer data. The Load Group Key function is used to provide the IFC 45 with the necessary Group Key for decryption, when the address of a received frame matches an address stored in the access table. Input to the Load Group Key function is a Group Key encrypted by the User Key. When the IFC 45 receives this instruction, it retrieves the User Key from the UK Register to decrypt the received Group Key, and stores the decrypted Group Key in the GK Register.

A Load Data Key instruction indicates to the IFC 45 that the input is a Data Key encrypted by a Group Key. In response, the IFC 45 will decrypt the input with the Group Key stored in the GK Register and store the resulting decrypted Data Key in the DK Register.

When the IFC 45 receives a Process Satellite Data instruction, the input contains an incoming satellite data stream frame. The IFC 45 locates the address in the address header of the frame and determines whether it has the Data Key necessary for decryption by searching the access table for the frame address. If a match is found, the IFC 45 will retrieve the appropriate Group and Data Keys, decrypt the frame and store the decrypted frame in an Output Buffer for satellite data; if not, the IFC 45 will discard the frame.

Process Computer Data instructions are handled similarly. As previously noted, in the preferred embodiment, the IFC encryption/decryption engine is capable of encrypting and decrypting data from other sources, transmitted by the computer 50. To enable operations to be simultaneously performed on both incoming satellite frames as well as incoming computer data, the IFC 45 time shares between frame reception and data encryption and decryption operations. To process computer data, the computer 50 must transmit the key to be used, an indication of whether the key is to be used for encryption or decryption, and the data on which the operation is to be performed. Based on this input, the IFC 45 will perform the appropriate operation on the data and return the processed data to the attached computer 50 via the Bus Interface Block 46.

Thus, unlike systems described in prior art which simply transmit incoming data streams into the computer 50, the IFC 45 of the present invention allows the computer 50 only conditional access to received data streams. In particular, only authorized signals are ever downloaded into the computer 50. The preferred embodiment provides enhanced security by ensuring that none of the keys required at any level of decryption ever appears outside the IFC ASIC in decrypted form, and by providing multiple layers of security. These layers not only make unauthorized access more difficult, but by implementing the layers in the key management system, they also enable a fast, simple method to recover from most security problems. More specifically, in response to problems due to an unauthorized user obtaining a User Key assigned to an authorized subscriber, a new User Key can be distributed to that subscriber. Similarly, in response to security problems caused by unauthorized access to particular data streams, the data stream and group keys required for decrypting those data streams can be changed, and the updated keys provided only to authorized users.
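
The Load Group Key, Load Data Key and Process Satellite Data functions and the Access Table described above can be modeled in software; the following Python sketch is an added illustration and is not code from the patent. Assumptions: a 2-byte address header, a CRC-32 tail, 8-byte keys, and a SHA-256 XOR keystream standing in for DES; all class names, function names, addresses and key values are constructed for the example.

```python
import hashlib
import struct
import zlib


def toy_crypt(key, data):
    """Stand-in for DES: XOR with a SHA-256 counter keystream (symmetric).

    Keystream reuse makes this unfit for real traffic; it only models
    which key can unwrap which value.
    """
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + struct.pack(">I", counter)).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def build_frame(address, data_key, payload):
    """NOC side. Assumed layout: 2-byte address | encrypted data | CRC-32."""
    body = struct.pack(">H", address) + toy_crypt(data_key, payload)
    return body + struct.pack(">I", zlib.crc32(body))


class AccessTable:
    """Adapter memory outside the IFC: holds keys in encrypted form only."""

    def __init__(self):
        self._entries = {}

    def add(self, address, wrapped_group_key, wrapped_data_key):
        self._entries[address] = (wrapped_group_key, wrapped_data_key)

    def lookup(self, address):
        return self._entries.get(address)


class IFC:
    """Models the IFC ASIC; decrypted keys stay in private registers."""

    def __init__(self, master_key, table):
        self._mk = master_key                  # burned-in Master Key
        self._uk = self._gk = self._dk = None  # UK, GK and DK Registers
        self._table = table

    def load_user_key(self, wrapped_uk):
        self._uk = toy_crypt(self._mk, wrapped_uk)

    def load_group_key(self, wrapped_gk):
        if self._uk is None:
            raise RuntimeError("User Key not loaded")
        self._gk = toy_crypt(self._uk, wrapped_gk)

    def load_data_key(self, wrapped_dk):
        if self._gk is None:
            raise RuntimeError("Group Key not loaded")
        self._dk = toy_crypt(self._gk, wrapped_dk)

    def process_satellite_data(self, frame):
        """Return the decrypted data field, or None if the frame is discarded."""
        if len(frame) < 6:
            return None
        body = frame[:-4]
        if zlib.crc32(body) != struct.unpack(">I", frame[-4:])[0]:
            return None                        # damaged in transmission
        address = struct.unpack(">H", body[:2])[0]
        entry = self._table.lookup(address)
        if entry is None:
            return None                        # no match: never reaches the bus
        self.load_group_key(entry[0])
        self.load_data_key(entry[1])
        return toy_crypt(self._dk, body[2:])


def demo():
    # Constructed sample keys and stream addresses.
    master, user, group = b"MASTER00", b"USERKEY1", b"GROUPKEY"
    dk_news, dk_quotes = b"DATAKEY1", b"DATAKEY2"
    table = AccessTable()
    # The provider wraps each key under the one above it in the hierarchy.
    table.add(0x0101, toy_crypt(user, group), toy_crypt(group, dk_news))
    ifc = IFC(master, table)
    ifc.load_user_key(toy_crypt(master, user))
    good = build_frame(0x0101, dk_news, b"headline")
    other = build_frame(0x0202, dk_quotes, b"ticker")  # stream not subscribed
    damaged = bytearray(good)
    damaged[3] ^= 0xFF                                 # corrupt one data byte
    frames = [good, other, bytes(damaged)]
    return [ifc.process_satellite_data(f) for f in frames], table


if __name__ == "__main__":
    print(demo()[0])
```
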

Besides security, the IFC 45 provides data management benefits by efficiently using memory and computer processing time, which is especially useful in downloading large files. The present invention filters incoming data stream frames by determining whether the computer is authorized to receive the frame based on its address, accepting only authorized frames. This significantly reduces the adapter memory requirements, since individual frames are decrypted as they are received rather than requiring encrypted frames to be buffered in their entirety awaiting decryption. This feature may eliminate the need for buffering frames on the adapter entirely, eliminating the need for buffers on the adapter card 40 and providing a significant cost reduction.

Yet another advantage provided by the IFC 45 of the present invention is that, by providing address-based frame decryption, the adapter card 40 can simultaneously decrypt multiple data streams that are statistically multiplexed on the same broadcast signal.

One skilled in the art will recognize variations for providing the required capabilities of the IFC 45. For example, although the preferred embodiment is implemented with the three-level security scheme described above, the present invention may be implemented with only two levels of security by providing only the User Keys and the Data Keys. In this case, the User Key serves the same purpose as in the three-level scheme, but the Data Keys will be provided to the adapter card 40 encrypted in the User Key rather than in a Group Key. Other levels of security may likewise be used without departing from the claimed invention.

5. Bus Interface Block

The Bus Interface Block 46 enables communication 46a between the computer and the adapter card 40 for, among other things, controlling and monitoring the tuner 41 and the demodulator 43 and maintaining the key management system. Additionally, the Bus Interface Block 46 allows the attached computer 50 to obtain decrypted frames from the IFC Block 45, and to pass bulk data to the IFC 45 for encryption or decryption and receive the resulting processed data. After performing the required operation on incoming data, one implementation buffers the resulting data in memory provided on the adapter card 40, and interrupts the attached computer 50 for retrieval. Alternatively, in a preferred embodiment, the Bus Interface Block 46 automatically reads the decrypted data into the memory of the attached computer 50.

The present invention, as illustratively embodied in the preferred embodiment described above, provides an adapter card receiver 40, to be used in conjunction with a connected computer 50, for enabling users to conditionally access and quickly download multiple data streams, such as signals transmitted via satellite 20. The invention also maintains the security of privileged information by preventing the information from entering the computer of unauthorized users.

However, it should be understood that a wide range of changes and modifications can be made to the preferred embodiment described above. It is therefore intended that the foregoing detailed description be illustrative rather than limiting, and that it is the following claims, including all equivalents, which are intended to define the scope of this invention.

What is claimed is:
 1. An apparatus comprising: a connector that is configured to connect said apparatus to an antenna device comprising an antenna capable of receiving a signal from a satellite, wherein the signal comprises a plurality of data streams, each of the plurality of data streams including identifying information that uniquely identifies the data stream and being encrypted so that the data stream is to be decrypted using a key selected in accordance with the identifying information; a tuner that is configured to receive a satellite signal from said connector and to perform tuning on the satellite signal; a demodulator that is configured to receive the tuned satellite signal from said tuner and to perform demodulation on the tuned satellite signal, thereby outputting a demodulated data stream; a forward error corrector that is configured to receive the demodulated data stream from said demodulator and to perform forward error correction on the demodulated data stream, thereby outputting a corrected data stream; a conditional access unit that is configured to determine whether or not a personal computer is authorized to receive a data stream of the plurality of data streams by comparing the identifying information of the corrected data stream to stored identifying information; a decryptor that is configured to, in accordance with the determination by said conditional access unit, receive the corrected data stream and to perform decryption upon encrypted frames within the corrected data stream, thereby outputting decrypted frames; and an interface that is configured to receive the decrypted frames from said decryptor and to output the decrypted frames to the personal computer for further processing.
 2. An apparatus according to claim 1, wherein said apparatus is insertable into the computer.
 3. An apparatus according to claim 2, wherein said apparatus is an adapter card.
 4. An apparatus according to claim 1, wherein each encrypted frame comprises (a) as the identifying information, an address header for identifying the data stream to which the frame belongs, (b) a data field containing data, and (c) a CRC field.
 5. An apparatus according to claim 1, wherein the antenna device further comprises a low noise block, and said connector is configured to provide power to the low noise block using power from the computer.
 6. An apparatus according to claim 5, wherein said connector is configured to provide power to the low noise block by using a DC-DC converter to convert power from the computer.
 7. An apparatus according to claim 6, wherein the DC-DC converter provides power to said tuner.
 8. An apparatus according to claim 1, wherein said forward error corrector comprises a Viterbi soft-decision decoder, depuncture logic, a deinterleaver, and a Reed-Solomon decoder.
 9. An apparatus according to claim 1, wherein said tuner is controlled by the computer.
 10. An apparatus according to claim 1, wherein the personal computer monitors said demodulator.
 11. An apparatus according to claim 1, wherein said interface interrupts the computer to retrieve the decrypted frames.
 12. An apparatus according to claim 1, wherein said interface automatically transfers the decrypted frames into memory of the computer.
 13. An apparatus comprising: a connector that is configured to connect said apparatus to an antenna device comprising an antenna capable of receiving a signal from a satellite, wherein the signal comprises a plurality of data streams, each of the plurality of data streams including identifying information that uniquely identifies the data stream and being encrypted so that the data stream is to be decrypted using a key selected in accordance with the identifying information; a tuner that is configured to receive a satellite signal from said connector and to perform tuning on the satellite signal; a demodulator that is configured to receive the tuned satellite signal from said tuner and to perform demodulation on the tuned satellite signal, thereby outputting a demodulated data stream, a forward error corrector that is configured to receive the demodulated data stream from said demodulator and to perform forward error correction on the demodulated data stream, thereby outputting a corrected data stream; a conditional access unit that is configured to determine whether or not the personal computer is authorized to receive a data stream of the plurality of data streams by comparing the identifying information of the corrected data stream to stored identifying information; a decryptor that is configured to, in accordance with the determination by the conditional access unit, receive the corrected data stream and to perform decryption upon encrypted frames within the corrected data stream, thereby outputting decrypted frames; and an interface that is configured to receive the decrypted frames from said decryptor and to output the decrypted frames to the personal computer, wherein said apparatus is an adapter card insertable into the personal computer, wherein each encrypted frame comprises, as the identifying information, an address header, wherein the antenna device further comprises a low noise block, and said connector is configured to provide power to the low noise block using power from the personal computer, wherein said forward error corrector comprises a Viterbi decoder, wherein said tuner is controlled by the personal computer.
 14. An apparatus according to claim 13, wherein said connector is configured to provide power to the low noise block by using a DC-DC converter to convert power from the personal computer.
 15. An apparatus according to claim 13, wherein said decryptor decrypts the encrypted frames using a key obtained in accordance with the address header identifying the data stream to which the frame belongs.
 16. An apparatus according to claim 13, wherein said apparatus discards encrypted frames where no key is available for decryption to prevent encrypted frames from being transferred to the personal computer.
 17. An apparatus according to claim 13, wherein said decryptor decrypts the encrypted frames on a frame-by-frame basis.
 18. An apparatus according to claim 13, wherein said decryptor decrypts the encrypted frames on a frame-by-frame basis using a key obtained in accordance with the address header identifying the data stream to which the frame belongs, and said apparatus discards encrypted frames where no key is available for decryption to prevent encrypted frames from being transferred to the personal computer.
 19. An apparatus according to claim 13, wherein said forward error corrector further comprises depuncture logic, a deinterleaver, and a Reed-Solomon decoder.
 20. An apparatus according to claim 1, wherein the demodulation is performed in accordance with control by the personal computer.
 21. An apparatus according to claim 13, wherein the demodulation is performed in accordance with control by the personal computer and wherein the personal computer monitors said demodulator.